Sign in with
Sign up | Sign in
Your question

The Web Is My Castle: Secure Backup Over the Internet

Last response: in Storage
Share
December 15, 2006 11:56:22 AM

Hamachi is a free tool for establishing secure VPN connections between two PCs by mediating p2p connections (like Skype does). Its potential for Internet backup and data replication is huge.
December 15, 2006 2:06:14 PM

I believe there is a mistake in the article. I use Robocopy and there is a switch you can use to control whether or not you remove files from the target directory if it is deleted in the source. I purpose never have robocoy delete anything because I feel I'm more likely going to need to restore a backup of a file I delete by mistake than an actual hardware failure.
December 15, 2006 3:17:54 PM

I feel sorry for Windows users.

I use this:

rsync -arzv --rsh="ssh" ~ myhost.net:BACKUPS/$HOSTNAME/`date +%a`/$HOME

for backups through firewalls and VPNs using a variety of linux and OS X machines.
Some machines have it crontab'd.

Sometimes I use it from Windows boxes with Cygwin, but the ugly part there is just having to use Windows.

Dave
Related resources
December 15, 2006 3:32:50 PM

someone forgot to blur out an IP addy on page 3
December 15, 2006 3:34:13 PM

Quote:
Robocopy...is a simple, but powerful command-line based copy tool to securely copy, mirror and relocate from a source to a target. It is not suitable for real-data synchronization, since it replicates data from the source to the target rather than comparing both sides to find the latest file version.

For an alternative solution that does all the above plus synchronization try Vice Versa Pro. Also supports compression and AES 256 bit encryption. Works extremely well but not free.
December 15, 2006 3:38:51 PM

pfff
your doing a sync through an ssh tunnel. can be done on any windows box. i like linux but saying stuff like this is ridiculous.

The real way to do this is contacting your Service Provider and getting a tunnel, like a point to point MPLS layer, cut out of a circuit. That way your traffic, and only your traffic, is in the tunnel.
December 16, 2006 12:32:07 AM

OK, humor me here, I'm learning this on the fly, but on page 3 the article states:

Quote:
if you want the whole solution to be secure you'll have to add an encryption layer to your VPN server, because the default Windows VPN is not secure.

That sounded a bit strange to me so I did some digging. Windows VPN relies on PPTP by default, and PPTP apparently utilizes MPPE. MPPE purportedly employs 40-bit or 128-bit RSA encryption.

So what's the problem exactly??

-Brad
December 16, 2006 12:34:42 AM

been looking for something like this.. I need something that uses little to no resources. I've been thinking about using CwRsync but it looks a little confusing to use between two windows machines and I can't find any good documentation.

Is robocopy with this GUI the best/easiest bet for me, or should I face the facts and learn the command lines needed to go with CwRsync.

-Cody
December 16, 2006 12:41:10 AM

Quote:
Hamachi is a free tool for establishing secure VPN connections between two PCs by mediating p2p connections (like Skype does). Its potential for Internet backup and data replication is huge.


damn, secrets out. my friends and i have been using hamachi for a while, its so great for lan parties now that i've moved away from my hometown. my friends are kinda computer-illiterate, and can't give out the right ips, so we use hamachi. its great.

never thought of this backing up stuff. pffff. who works, i mean, really? kidding. sweet idea! hamachi is nice, but i've had a minor prob or two w/ it.
December 16, 2006 5:10:12 AM

Instead of messing around with robocopy, I would recommend ALLWAY SYNC. It does a better job and is easier to configure. It is also a freeware.

Allway Sync Features

* Free for personal use synchronization software. No spyware, adware or malware.
* Easy-to-use graphical interface.
* Performs true bi-directional and n-way file and folder synchronization, forget about backup and restore routines.
* File modifications and deletions are tracked in a local database. So, Allway Sync knows the true history of your files--no unnecessary questions asked.
* Our innovative, proprietary algorithms do not rely on the accuracy of the system clock or network connection quality. So, Allway Sync helps prevents data loss.
* Generates a full report of differences between synchronization folders.
* Synchronizes folders as well. Allway Sync detects when folders are removed from one device and removes them from any other corresponding synchronization targets.
* Supports virtually any file system (FAT, NTFS, SAMBA, Netware, X-Drive, CDFS, UDF and more).
* Capable of synchronizing more than two folders.
* Synchronize data between your desktop PCs and laptops over a network.
* A good way to backup and restore files if you run Allway Sync in one-way mode.
* Specify independent synchronization parameters for any number of sets of folders (multiple jobs).
* Transfer documents from one computer to another using an intermediate removable drive.
* Or just synchronize with a removable device (USB key, flash drive, CDRW, Zip) so that you always have your data with you.
* Flexible configuration and customization.
* Supports files of any size.
December 17, 2006 5:07:55 AM

Quote:
I feel sorry for Windows users.

I use this:

rsync -arzv --rsh="ssh" ~ myhost.net:BACKUPS/$HOSTNAME/`date +%a`/$HOME

for backups through firewalls and VPNs using a variety of linux and OS X machines.
Some machines have it crontab'd.

Sometimes I use it from Windows boxes with Cygwin, but the ugly part there is just having to use Windows.

Dave


http://www.gaztronics.net/rsync.php

Read, be enlightened young padawan, welcome to the dark side . . .

Who I feel sorry for, is people who have become so estranged with their systems, that they don't have another backup solution, and require something like this to begin with.

Have important data ? use that USB port on your machine, and backup data to a USB HDD. Have important data at work to backup ? Use a real solution such as iSCSI, GbE networks, and RAID 5 +. Who cares if your system is wiped out by whatever means, a savvy system admin can install WinXP in minutes, and probably already has your current system ghosted on a remote system to begin with.

There are so many option out there already, and this one makes very little sense to me . . .

[EDIT]

Well, that is, unless you're trying to circumvent measures in place at work, and stealing sensitive data . . .
December 17, 2006 12:28:39 PM

Quote:
Who I feel sorry for, is people who have become so estranged with their systems, that they don't have another backup solution, and require something like this to begin with.

Have important data ? use that USB port on your machine, and backup data to a USB HDD. Have important data at work to backup ? Use a real solution such as iSCSI, GbE networks, and RAID 5 +. Who cares if your system is wiped out by whatever means, a savvy system admin can install WinXP in minutes, and probably already has your current system ghosted on a remote system to begin with.

There are so many option out there already, and this one makes very little sense to me . . .

Oh, come now, it's not as bad as it seems. Although I wanted to chuckle a bit that it took three and a half long pages to describe a "simple" VPN solution. But Robo is a slick widget and the price is right. And since there are so many "smart" people who do back up but never think about the need for off-site backups, or do think of that but get lazy about rotating the media back and forth, using a VPN tunnel, existing connectivity and spare bandwidth ain't a bad solution.

RAID-5 is nice but it won't save you from data corruption or accidental deletion. A local ghost copy is nice assuming the entire office hasn't been destroyed. And sure, a savvy sys admin can install XP in a few minutes but re-installing twenty, thirty or forty applications can be taxing.

I do wish that all the oh so very helpful folks that recommend Cygwin would offer a detailed description of exactly what parts of it need to be installed, because I pity the poor fools who might try to install the whole package (and whose backup times will subsequently SKYROCKET)...

-Brad
December 17, 2006 11:46:19 PM

Quote:

Oh, come now, it's not as bad as it seems. Although I wanted to chuckle a bit that it took three and a half long pages to describe a "simple" VPN solution. But Robo is a slick widget and the price is right. And since there are so many "smart" people who do back up but never think about the need for off-site backups, or do think of that but get lazy about rotating the media back and forth, using a VPN tunnel, existing connectivity and spare bandwidth ain't a bad solution.

RAID-5 is nice but it won't save you from data corruption or accidental deletion. A local ghost copy is nice assuming the entire office hasn't been destroyed. And sure, a savvy sys admin can install XP in a few minutes but re-installing twenty, thirty or forty applications can be taxing.

I do wish that all the oh so very helpful folks that recommend Cygwin would offer a detailed description of exactly what parts of it need to be installed, because I pity the poor fools who might try to install the whole package (and whose backup times will subsequently SKYROCKET)...

-Brad


I don't put Cygwin on any of my systems, nor do I recommends its use. Not because of exploits, and whatnot, but because its software, that people have worked very hard on, but doesn't work as intended at times. The result is at least a slightly fouled system, but I've seen, and experienced worse.

RAID5 is nice, but you can not expect it to magically undelete files for you. Files that are *that* important, need to be stored in multiple safe locations, which RAID5 could be one, and a DvD another (pretty safe between the two if you ask me), but you could add even more locations IF you really think thats going to "save" you. I suggest that you read up on iSCSI, use it, and learn the possibilities. With a little imagination, and 2 or more computer systems, the average Joe could have enterprise like solutions available to him at home.

If you're interested in iSCSI, and know about it, or not, you can read my own mini analysis of speeds obtained with average, inexpensive hardware
here. . I personally see a big future for iSCSI :) 

I've always been at least a little suspicious of things like what this article speaks of, especially if its free. Using gmail myself, I still sleep with one eye open ;) 
December 18, 2006 3:06:22 AM

iSCSI has been around a while although I have to admit I didn't read up on it much until just now. Frankly I'm feeling a bit ambivalent about it, mostly because I'm lukewarm - skeptical even - to this ridiculous rush over the past few years to use TCP/IP (with all that overhead) on everything from toothbrushes to toilet bowls. Then again, sadly, nobody's ever accused me of being a world class visionary. Oh well.

It does have some fun possibilities. Poor man's cluster was one of the first to come to mind. Too bad 10 Gig is still so expensive - GigE can be completely saturated by just one of a few of today's better consumer -class SATA hard drives.

FWIW, I won't even send email to people with gmail accounts ;-).

-Brad
December 18, 2006 4:52:25 AM

Quote:
iSCSI has been around a while although I have to admit I didn't read up on it much until just now. Frankly I'm feeling a bit ambivalent about it, mostly because I'm lukewarm - skeptical even - to this ridiculous rush over the past few years to use TCP/IP (with all that overhead) on everything from toothbrushes to toilet bowls. Then again, sadly, nobody's ever accused me of being a world class visionary. Oh well.

It does have some fun possibilities. Poor man's cluster was one of the first to come to mind. Too bad 10 Gig is still so expensive - GigE can be completely saturated by just one of a few of today's better consumer -class SATA hard drives.

FWIW, I won't even send email to people with gmail accounts ;-).

-Brad


The thing is, if you read my mini analysis of speed testing I did on mashies Forums, you'll note that the TCP/IP overhead is a bit lower than you would expect from a different Protocol (Samba, or FTP for example)

Also, In my testing, I noticed typically .1 MS overhead in random accesses, and in the case of using an image file vs direct HDD use, I actually gained 5.x MS random access times. Granted, I lost some to throughput as well . ..

One of the most interesting uses I've personally thought about, was the ability to say RAID across multiple Targets(to one Initiator), using very large RAM DISKs, and suddenly, you have a HUGE RAIDed RAM DISK, with very low access times, and potentially huge throughput capabilities. The usage here should be obvious. Back that with the ability to use software RAID 1 on the target side, and suddenly you have a very large RAM DISK with redundancy ;)  Forget the fact that a lot of people think that software RAID 1 is slow, it *is* not. It may be a little slower than when implemented in hardware, but not enough to worry about. The only caveat I could think of , would be CPU usage.

Also keep in mind, that if you read my mini analysis, I used common everyday equipment, including older hardware, and a PCI GbE adapter on the target side(I expect this was one of the limiting factors in my tests). If I used an Intel Pro 1000 PCI-E card (which I defiantly plan on buying), and a good adapter on the Initiator side with TOE, performance would definitely improve.

If you're interested, keep an eye on that forum. I plan on writing my own real world usage benchmarking application, to say copy a DvD on one HDD to another, and implement a Linux iSCSI Target using Dapper 6.06 server for further tests. In the future, with the possibility of PCI-E 2.0 direct peer to peer communications, this technology will really start to show its true colors.

Where iSCSI really shines however, is its ability to work with any network provided it implements TCP/IP, and is not llimited to any one peice pf proprietary equipment. This also means, you do NOT have to use SCSI devices, you can use ATA, SATA (shown in my tests), SCSI, FC SCSI, and any other interface device the Target has the ability to use, which would even include MFM (although WHY you would want to would be reason for questioning ones sanity . . .).
December 18, 2006 2:58:25 PM

From what I can see, in terms relevant to the topic (which is Backup Over the Internet, not Beating the iSCSI Drum), iSCSI can be a nifty tool for eliminating a layer of complexity by tunneling iSCSI over VPN and relying on native storage management instead of on an application running on the operating system.

What your analysis reveals otherwise, is the reason that iSCSI has not picked up more steam, which is that it's being absolutely strangled by the limitations of currently available Ethernet implementations.

In an age where you have PCIe, SAS/SATA, etc. all struggling to stay ahead of the speeds of relatively "slow" mechanical storage, a single Western Digital Raptor can almost completely saturate a gigabit Ethernet link. 10GbE is way too expensive and consumer grade GbE switches can quickly become overwhelmed with Gb speed traffic on multiple ports. To say that iSCSI can deliver enterprise -like results at home is a little too much poetic license for my taste.

And your favorite Interesting Use - RAMdisks - seem an even stranger candidate for iSCSI. Take a RAM -speed device, move it off the northbridge or southbridge and strangle it with Ethernet? No thanks. Sounds like you're having fun and it's an interesting technology but I'm seeing limited practicality right now.

-Brad
December 19, 2006 12:00:29 AM

Quote:
From what I can see, in terms relevant to the topic (which is Backup Over the Internet, not Beating the iSCSI Drum), iSCSI can be a nifty tool for eliminating a layer of complexity by tunneling iSCSI over VPN and relying on native storage management instead of on an application running on the operating system.

What your analysis reveals otherwise, is the reason that iSCSI has not picked up more steam, which is that it's being absolutely strangled by the limitations of currently available Ethernet implementations.

In an age where you have PCIe, SAS/SATA, etc. all struggling to stay ahead of the speeds of relatively "slow" mechanical storage, a single Western Digital Raptor can almost completely saturate a gigabit Ethernet link. 10GbE is way too expensive and consumer grade GbE switches can quickly become overwhelmed with Gb speed traffic on multiple ports. To say that iSCSI can deliver enterprise -like results at home is a little too much poetic license for my taste.

And your favorite Interesting Use - RAMdisks - seem an even stranger candidate for iSCSI. Take a RAM -speed device, move it off the northbridge or southbridge and strangle it with Ethernet? No thanks. Sounds like you're having fun and it's an interesting technology but I'm seeing limited practicality right now.

-Brad


First of all, let me say that I don't necessarily disagree with a lot of what you're saying, a lot of it holds merit. This being said, I don't think you fully understand the ideas I've tried to share here. This isn't to say I think you're stupid, quite the opposite actually. At the same time however, when you stated previously: "no one has ever accused me of being a visionary", well, frankly, I'm starting to understand this statement.

iSCSI isn't perfect, and maybe I've been beating the iSCSI drum pretty hard, but with a little imagination, time invested, and perhaps a bit of money, there are things you can do, that are both fun, useful, and superior to other options.
!